Foundation Level (Level 1) encompasses the basic safeguarding requirements for FCI specified in FAR Clause 52.204-21.
Keep ReadingLevel 2, referred to as the advanced level focuses on the protection of CUI. Advanced Level (Level 2) encompasses the security requirements for CUI specified in NIST SP 800-171 per DFARS Clause 252.204-7012.
Keep ReadingThe DoD intends for Level 3 (“Expert”) cybersecurity requirements to be assessed by Government officials. Assessment requirements are currently under development.
Keep ReadingWhat is the CMMC CAP?
The CMMC Assessment Plan (CAP) is organized across four (4) phases and describes the required activities to ensure that CMMC Assessments (for Level 2) are conducted consistently across the DIB. The four phases are:
A strong and effective CMMC Certification Assessment begins with a well-organized planning and preparation effort.
Contact UsThe purpose of Phase 2 is to assess the implementation of CMMC practices by the OSC in conformance with the CMMC Model.
Contact UsIn this phase, the Lead Assessor (with or without the Assessment Team Members) shall deliver the recommended Assessment results to the OSC during the Final Findings Briefing.
Contact UsThe purpose of this phase is to allow OSCs that received a Conditional CMMC Level 2 Certification during Phase 3 to close out all practices validated on Plans of Action and Milestones (POA&M) during the C3PAO Assessment.
Contact UsWe can help you identify the gap between your current security posture and your target CMMC Level.
A security & compliance focused CISO with over 30 years of experience supporting Microsoft servers, clients, and network services. The last 20 years have been focused on continually identifying and safeguarding electronic Private Health Information (ePHI).
As a Security & Compliance Officer for several medical practices for the past 10 years, he has never allowed a breach of ANY patient records or company data in part due to strict adherence to NIST Guidelines and establishing a layered defense against malicious attacks.
Preparing OSC's for CMMC Certification by understanding their position within the three levels of cybersecurity maturity and identifying Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) data in their organization.
Being a Network Administrator for 30 years has afforded me the opportunity to participate in the birth of the Cybersecurity industry and in the maturation process to help secure our nation's digital assets.
I’m Marc Murphy, CEO and CCP for CMMC-Consultants.
I have 30 years of experience in the IT industry. My firm advises and remediates CMMC compliance gaps for small to mid-sized DIB companies.
For the past 20 years I have been identifying and securing ePHI in the Healthcare IT field. This experience has given me a vital skillset in data
identification/classification that now applies to identifying Federal Contract Information and Controlled Unclassified Information, which ePHI falls under.
Securing data for the DIB is a personal passion for me as a military historian and having a long family history of Military Service stretching back through Vietnam, WW2, WW1 and back to the Civil War.
This mission to protect the US War Fighter is a noble and urgent cause...in the words of the WW2 War Bond effort....keep ‘em flying!